Security Compass, a leading provider of cybersecurity solutions and advisory services, enables organizations to adopt balanced development automation for rapid and secure application development. With their flagship product, SD Elements, the company helps automate significant portions of proactive manual processes for security and compliance, which improves time to market for new technology. In addition, they offer advisory services on how organizations can embrace emerging technologies like cloud to strengthen their security posture. Security Compass is the trusted solution provider to leading financial organizations, technology enablers, and renowned global brands.
Episodes
Friday Jan 22, 2021
Today we are joined by David Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation, to talk about securing open source software. We will start with a brief discussion on the “2020 FOSS Contributor Survey” report, co-authored by David. We will then delve deeper into some surprising insights from that report as it relates to the dynamic nature of fast-moving open source development. Finally, we will conclude with David’s thoughts on where he thinks open source software security is headed.
Friday Jan 15, 2021
Wayne Howell - Managing Speed and Security Through Product Governance
Today we are joined by Altaz Valani from Security Compass and Wayne Howell Jr., Cyber Security Process & Governance Leader at Honeywell, to talk about product security governance and bridging the gap between product and software security. We will talk about the similarities and differences between product and software security, particularly around the end, i.e. the post-deployment product support. We will then explore areas of process convergence for these teams around requirements and hardware virtualization. To conclude, we will share insights about metrics.
Friday Jan 08, 2021
Katie Stewart - Developing the CMMC
Today we are joined by Katie Stewart, co-author of CMMC and Senior Member of the Technical Staff within the CERT® Division at the Software Engineering Institute, to talk about the creation and ongoing evolution of CMMC. We will start by talking about the history of CMMC and the response received so far. We will then turn our discussion to the ongoing evolution of CMMC and ways that people can get involved. CMMC is a significant step in the direction of securing the DoD supply chain, and being aware of the ongoing evolution in this space will help leaders proactively plan ahead.
Friday Dec 18, 2020
Sesh Vaidyula & Harvey Nusz - CMMC in a Commercial Context
Today we are joined by Altaz Valani from Security Compass, Sesh Vaidyula, Partner at Templar Shield, and Harvey Nusz, Principal at 4IT Security, Governance & Compliance, to talk about CMMC in a commercial context, given its overlap with NIST 800-53, NIST CSF, and ISO 27001. We will also discuss its similarities with other non-maturity standards and regulations such as PCI, HIPAA, and GDPR. To conclude, we will talk about how CMMC might help the broader commercial industry.
Friday Dec 11, 2020
Sesh Vaidyula & Harvey Nusz - Impact of CMMC on Organizations
Today we are joined by Altaz Valani from Security Compass, Sesh Vaidyula, Partner at Templar Shield, and Harvey Nusz, Principal at 4IT Security, Governance & Compliance. In our second podcast about CMMC, we will talk about what it means for DoD vendors. We will discuss the transformational leadership role that the DoD has as they work toward a more secure supply chain. We will conclude by discussing challenges that, in particular, smaller organizations face with CMMC compliance.
Friday Dec 04, 2020
Sesh Vaidyula & Harvey Nusz - Understand the CMMC
Today we are joined by Altaz Valani from Security Compass, Sesh Vaidyula, Partner at Templar Shield, and Harvey Nusz, Principal at 4IT Security, Governance & Compliance, in our second podcast to talk about CMMC. We will talk about what CMMC means to DoD suppliers around building maturity. We will then discuss the transformational leadership role that the DoD has as they work toward a more secure supply chain. We will conclude by discussing challenges that, in particular, smaller organizations face with CMMC compliance.
Monday Nov 30, 2020
Wendy Murphy - Insights from CMMC Center of Excellence
Today we are joined by Altaz Valani from Security Compass and Wendy Murphy, Chair - Events & Outreach Working Group for CMMC Center of Excellence, to talk about their mission and then dive deeper into the common challenges organizations face with CMMC. We will conclude by talking about where the CMMC CoE is headed in the future. Given the importance of CMMC and its implications for ensuring security in the DoD supply chain, having insights and guidance from a Center of Excellence can help organizations leverage best practices and learn from the experience of others.
Friday Nov 27, 2020
Today we are joined by Altaz Valani from Security Compass and Ayhan Tek, VP of Information Security at Cyber Electra, to talk about how a security executive can enable speed to market in software development. Competition adds a lot of pressure to deliver software products faster, which is why we will explore how a senior security executive can enable the business to keep moving fast instead of being perceived as a blocker. In today’s world, security is an imperative component of software development and can enable speed to market.
Monday Nov 23, 2020
Rohini Narasipur - Build a Product Security Program
Today we are joined by Altaz Valani from Security Compass and Rohini Narasipur, Product Security Engineer at Bosch, to talk about what makes product security different from software security. With the convergence of software and hardware, it has become important to understand how software and hardware security processes can integrate with each other. To conclude, we get some forward-looking insights from Rohini about where product security is headed. In today’s world, we need to consider the security aspect of both software and hardware as well as the challenges that arise due to the cross-functional narrative.
Friday Nov 20, 2020
David Fairman - Convergence of Cyber Physical Systems
Today we are joined by Rohit Sethi from Security Compass and David Fairman, Chief Security Officer at Netskope, to understand the concept of cyber-physical systems and how these are transforming the way we interact with engineered objects and infrastructure. We will also delve into the security concerns for cyber-physical systems, as these play an increasingly vital role in critical infrastructure and can cause massive damage in the event of a cyberattack. In addition, David will draw on his experience to talk about the use of these systems in the financial services sector.